Please critique my upload script.


josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Please critique my upload script.

Post by josh »

You need an absolute path to read the file, and it still looks like someone can cause your script to echo JS.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Please critique my upload script.

Post by social_experiment »

"and it still looks like someone can cause your script to echo JS"
I tried entering <script>alert("XSS")</script> in my URL as suggested via another comment but it doesn't alert the message. How can I improve the script to stop any JS code from being echoed?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
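
One way to address both points raised in this thread, the absolute path and the echoed input, shown as an added example that is not the poster's script. UPLOAD_DIR, e() and safe_upload_path() are hypothetical names, and the sample input stands in for a request parameter such as $_GET['file'].

```php
<?php
declare(strict_types=1);

// Hypothetical upload directory, expressed as an absolute path.
const UPLOAD_DIR = __DIR__ . '/uploads';

// Escape a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Map a user-supplied file name to an absolute path inside UPLOAD_DIR,
// or return null if it does not resolve to a regular file there.
function safe_upload_path(string $requested): ?string
{
    $base = realpath(UPLOAD_DIR);
    if ($base === false) {
        return null;
    }
    // basename() drops directory components such as "../".
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() resolved symlinks; confirm the result is still under $base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample input (the payload quoted in the thread).
$requested = '<script>alert("XSS")</script>';
$path = safe_upload_path($requested);

if ($path === null) {
    // The rejected name is echoed back, so it must be escaped.
    echo '<p>No such file: ' . e($requested) . '</p>', PHP_EOL;
} else {
    echo '<p>Reading ' . e(basename($path)) . ' (' . filesize($path) . ' bytes)</p>', PHP_EOL;
}
```

Escaping happens at the point of output, so every echo of request-derived data goes through e(), including error messages.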